Flexera Software FlexNet Publisher Denial of Service Vulnerability

Flexera Software FlexNet Publisher FLEXlm is the core software license management component of the Entitlement Relationship Management Solution from Flexera Software. The product provides software and hardware manufacturers with the ability to price, package and customize software license terms. ...

CVE-2019-8960

A Denial of Service vulnerability related to command handling has been identified in FlexNet Publisher lmadmin.exe version 11.16.2. The message reading function used in lmadmin.exe can, given a certain message, call itself again and then wait for a further message. With a particular flag set in t...

You receive an access violation error and the system may appear to become unresponsive when you try to install an update from Windows Update or from Microsoft Update

You receive an access violation error and the system may appear to become unresponsive when you try to install an update from Windows Update or from Microsoft Update The problem that the "Symptoms" section describes was corrected in Windows Update Agent 3.0 and in update 927891. These updates wer...

CVE-2020-10569

SysAid On-Premise 20.1.11, by default, allows the AJP protocol port, which is vulnerable to a GhostCat attack. Additionally, it allows unauthenticated access to upload files, which can be used to execute commands on the system by chaining it with a GhostCat attack. NOTE: This may be a duplicate o...

CVE-2020-5569

An unquoted search path vulnerability exists in HDD Password tool for Windows version 1.20.6620 and earlier which is stored in CANVIO PREMIUM 3TBHD-MB30TY, HD-MA30TY, HD-MB30TS, HD-MA30TS, CANVIO PREMIUM 2TBHD-MB20TY, HD-MA20TY, HD-MB20TS, HD-MA20TS, CANVIO PREMIUM 1TBHD-MB10TY, HD-MA10TY,...

Design/Logic Flaw

An unquoted search path vulnerability exists in HDD Password tool for Windows version 1.20.6620 and earlier which is stored in CANVIO PREMIUM 3TBHD-MB30TY, HD-MA30TY, HD-MB30TS, HD-MA30TS, CANVIO PREMIUM 2TBHD-MB20TY, HD-MA20TY, HD-MB20TS, HD-MA20TS, CANVIO PREMIUM 1TBHD-MB10TY, HD-MA10TY,...

Malicious Package

atlas-client is a malicious package. The package typosquats on the original package atlasclient and executes malicious code in a portable executable hidden in a .png file...

Zoom Client Trust Management Issue Vulnerability

Zoom Client is a video conferencing client application from Zoom USA that supports multiple platforms. A trust management issue vulnerability exists in Zoom Client for Meetings version 4.6.11, which stems from the airhost.exe file initializing the SHA-256 hash value of the...

Security Bulletin: Windows DLL injection vulnerability with IBM Java Affects SPSS Modeler

Summary IBM® Runtime Environment Java™ Version JRE7, JRE8SR4FP10 and JRE8SR5FP25 used by IBM SPSS Modeler on windows platform has a windows dll injection vulnerability. The issues is addressed. Vulnerability Details CVEID: CVE-2019-4732 DESCRIPTION: IBM SDK, Java Technology Edition Version 7.0.0....

PT-2020-6094 · Openssl +1 · Openssl +1

Name of the Vulnerable Software and Affected Versions: Zoom Client for Meetings version 4.6.11 Description: The issue is related to the airhost.exe executable file in Zoom Client for Meetings, which uses a hardcoded registration data with the SHA-256 hashing algorithm. This could allow a remote...

Microsoft Windows Unquoted Service Path Privilege Escalation Exploit

This Metasploit module exploits a logic flaw due to how the lpApplicationName parameter is handled. When the lpApplicationName contains a space, the file name is ambiguous. Take this file path as example: C:\program files\hello.exe; The Windows API will try to interpret this as two possible paths...

Untrusted Search Path in Content - Edit Files / Companion - CVE-2020-4019

The file editing functionality in the Atlassian Companion App before version 1.0.0 allows local attackers to have the app run a different executable in place of the app's cmd.exe via a untrusted search path vulnerability. h5. Acknowledgements Credit for finding this vulnerability goes to Johannes...

New AgentTesla variant steals WiFi credentials

AgentTesla is a .Net-based infostealer that has the capability to steal data from different applications on victim machines, such as browsers, FTP clients, and file downloaders. The actor behind this malware is constantly maintaining it by adding new modules. One of the new modules that has been...

CVE-2020-1002

An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Defender Elevation of Privilege Vulnerability'...

CVE-2020-7274

Privilege escalation vulnerability in McTray.exe in McAfee Endpoint Security ENS for Windows Prior to 10.7.0 April 2020 Update allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges by default it runs with the...

Input validation

Accessing, modifying or executing executable files vulnerability in the uninstaller in McAfee Endpoint Security ENS for Windows Prior to 10.7.0 April 2020 Update allows local users to execute arbitrary code via a carefully crafted input file...

CVE-2020-7259 Unsigned executable vulnerability in ENS can be used to bypass intended self-protection rules

Exploitation of Privilege/Trust vulnerability in file in McAfee Endpoint Security ENS Prior to 10.7.0 February 2020 Update allows local users to bypass local security protection via a carefully crafted input file...

Microsoft Windows KERNELBASE Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Low: Red Hat Security Advisory: elfutils security update

An update for elfutils is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Microsoft (MAU) Office Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Microsoft AutoUpdate MAU application for Mac improperly validates updates before executing them. An attacker who successfully exploited the vulnerability who already has the ability to execute code on a system could elevate privileges. To...